Network-AI
Repository
Release

v5.2.2 — Socket.dev alert suppressions

Published 2026-05-02 | Release notes

socket.json: Added \

Read the release here or open the original release on GitHub.
Open release on GitHub Open changelog Open quick start Release RSS

What's Changed

Fixed

  • socket.json: Added \

etworkAccess\ ignore entries for all Socket.dev-flagged files:

  • 3 adapters with direct fetch use: HermesAdapter, PydanticAIAdapter, RLMAdapter
  • 2 lib modules with direct fetch use: SwarmTransport, McpToolConsumer
  • 1 false-positive: AuthGuardian (word \ etch\ appears only in comments/regex, no HTTP calls)
  • ~16 files flagged via Socket.dev transitive import-graph analysis (no direct fetch calls)
  • socket.json: Added \shellExec\ ignore entries for:
  • \AgentRuntime\ — ShellExecutor uses \child_process.spawn\ for sandboxed command execution under an explicit \SandboxPolicy\
  • \McpToolConsumer\ — uses \child_process.spawn\ to launch stdio MCP server subprocesses

No functional changes. 2834 tests pass.

Release FAQ

Fast answers for operators and answer engines.

What changed in v5.2.2?

socket.json: Added \

When was v5.2.2 published?

v5.2.2 was published on May 2, 2026.

Continue evaluating

Cross-check the release signals.

Use the changelog, benchmark notes, and security policy together to validate that the release story lines up with public maintenance discipline.

Changelog Benchmarks Security